New CSP directive to make Subresource Integrity mandatory (`require-sri-for`)
The tricky thing with SRI is that you have to include it for every HTML tag that points to a CDN if you want the security benefit. And then, of course, it happend that someone forgot to add this and people were sad. Fortunately, they brought this to the Webappsec Working Group and discussed the matter!
Source: frederik-braun.com